diff -Nru mod-wsgi-3.3/debian/changelog mod-wsgi-3.3/debian/changelog --- mod-wsgi-3.3/debian/changelog 2014-05-22 23:06:12.000000000 +0000 +++ mod-wsgi-3.3/debian/changelog 2014-11-18 16:12:47.000000000 +0000 @@ -1,3 +1,13 @@ +mod-wsgi (3.3-4ubuntu0.2) precise-security; urgency=medium + + * SECURITY UPDATE: possible privilege escalation via incorrect error + checking + - debian/patches/CVE-2014-8583.patch: restart process if privileges + couldn't be dropped in mod_wsgi.c. + - CVE-2014-8583 + + -- Marc Deslauriers Tue, 18 Nov 2014 11:12:46 -0500 + mod-wsgi (3.3-4ubuntu0.1) precise-security; urgency=medium * SECURITY UPDATE: Fix possibility of local privilege escalation when diff -Nru mod-wsgi-3.3/debian/patches/CVE-2014-8583.patch mod-wsgi-3.3/debian/patches/CVE-2014-8583.patch --- mod-wsgi-3.3/debian/patches/CVE-2014-8583.patch 1970-01-01 00:00:00.000000000 +0000 +++ mod-wsgi-3.3/debian/patches/CVE-2014-8583.patch 2014-11-18 16:12:23.000000000 +0000 @@ -0,0 +1,156 @@ +Backport of: + +From 545354a80b9cc20d8b6916ca30542eab36c3b8bd Mon Sep 17 00:00:00 2001 +From: Graham Dumpleton +Date: Wed, 18 Jun 2014 21:17:34 +1000 +Subject: [PATCH] When there is any sort of error in setting up daemon process + group, kill the process rather than risk running in an unexpected state. + +--- + src/server/mod_wsgi.c | 54 ++++++++++++++++++++++++++++++++++++++++++++++++--- + 1 file changed, 51 insertions(+), 3 deletions(-) + +Index: mod-wsgi-3.3/mod_wsgi.c +=================================================================== +--- mod-wsgi-3.3.orig/mod_wsgi.c 2014-11-18 11:09:59.139895417 -0500 ++++ mod-wsgi-3.3/mod_wsgi.c 2014-11-18 11:09:59.139895417 -0500 +@@ -9960,7 +9960,7 @@ + #endif + } + +-static void wsgi_setup_access(WSGIDaemonProcess *daemon) ++static int wsgi_setup_access(WSGIDaemonProcess *daemon) + { + /* Setup the umask for the effective user. */ + +@@ -9974,6 +9974,8 @@ + ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server, + "mod_wsgi (pid=%d): Unable to change root " + "directory to '%s'.", getpid(), daemon->group->root); ++ ++ return -1; + } + } + +@@ -9984,6 +9986,8 @@ + ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server, + "mod_wsgi (pid=%d): Unable to change working " + "directory to '%s'.", getpid(), daemon->group->home); ++ ++ return -1; + } + } + else if (geteuid()) { +@@ -9996,12 +10000,16 @@ + ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server, + "mod_wsgi (pid=%d): Unable to change working " + "directory to '%s'.", getpid(), pwent->pw_dir); ++ ++ return -1; + } + } + else { + ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server, + "mod_wsgi (pid=%d): Unable to determine home " + "directory for uid=%ld.", getpid(), (long)geteuid()); ++ ++ return -1; + } + } + else { +@@ -10014,6 +10022,8 @@ + ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server, + "mod_wsgi (pid=%d): Unable to change working " + "directory to '%s'.", getpid(), pwent->pw_dir); ++ ++ return -1; + } + } + else { +@@ -10021,13 +10031,15 @@ + "mod_wsgi (pid=%d): Unable to determine home " + "directory for uid=%ld.", getpid(), + (long)daemon->group->uid); ++ ++ return -1; + } + } + + /* Don't bother switch user/group if not root. */ + + if (geteuid()) +- return; ++ return 0; + + /* Setup the daemon process real and effective group. */ + +@@ -10035,6 +10047,8 @@ + ap_log_error(APLOG_MARK, WSGI_LOG_ALERT(errno), wsgi_server, + "mod_wsgi (pid=%d): Unable to set group id to gid=%u.", + getpid(), (unsigned)daemon->group->gid); ++ ++ return -1; + } + else { + if (initgroups(daemon->group->user, daemon->group->gid) == -1) { +@@ -10042,6 +10056,8 @@ + wsgi_server, "mod_wsgi (pid=%d): Unable " + "to set groups for uname=%s and gid=%u.", getpid(), + daemon->group->user, (unsigned)daemon->group->gid); ++ ++ return -1; + } + } + +@@ -10059,12 +10075,25 @@ + * reached their process limit. In that case will be left + * running as wrong user. Just exit on all failures to be + * safe. Don't die immediately to avoid a fork bomb. ++ * ++ * We could just return -1 here and let the caller do the ++ * sleep() and exit() but this failure is critical enough ++ * that we still do it here so it is obvious that the issue ++ * is being addressed. + */ + ++ ap_log_error(APLOG_MARK, APLOG_ALERT, 0, wsgi_server, ++ "mod_wsgi (pid=%d): Failure to configure the " ++ "daemon process correctly and process left in " ++ "unspecified state. Restarting daemon process " ++ "after delay.", getpid()); ++ + sleep(20); + + exit(-1); + } ++ ++ return 0; + } + + static int wsgi_setup_socket(WSGIProcessGroup *process) +@@ -11079,7 +11108,24 @@ + + /* Setup daemon process user/group/umask etc. */ + +- wsgi_setup_access(daemon); ++ if (wsgi_setup_access(daemon) == -1) { ++ /* ++ * If we get any failure from setting up the appropriate ++ * permissions or working directory for the daemon process ++ * then we exit the process. Don't die immediately to avoid ++ * a fork bomb. ++ */ ++ ++ ap_log_error(APLOG_MARK, APLOG_ALERT, 0, wsgi_server, ++ "mod_wsgi (pid=%d): Failure to configure the " ++ "daemon process correctly and process left in " ++ "unspecified state. Restarting daemon process " ++ "after delay.", getpid()); ++ ++ sleep(20); ++ ++ exit(-1); ++ } + + /* Reinitialise accept mutex in daemon process. */ + diff -Nru mod-wsgi-3.3/debian/patches/series mod-wsgi-3.3/debian/patches/series --- mod-wsgi-3.3/debian/patches/series 2014-05-22 23:04:25.000000000 +0000 +++ mod-wsgi-3.3/debian/patches/series 2014-11-18 16:09:54.000000000 +0000 @@ -1,3 +1,4 @@ python-3.2-compat.patch CVE-2014-0240.patch CVE-2014-0242.patch +CVE-2014-8583.patch